Backing Up and Restoring Fusion Secrets

Before you undeploy the Fusion capability, back up Fusion secrets for later restoration.

Backing Up Fusion Secrets

To back up Fusion secrets before you undeploy Fusion, use the following commands to locate and save them:

echo $(kubectl get secret rethink-secret -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) -o json | jq '.data["rethink-password"]' | sed 's/"//g' ) > rethink-secret-bkp
echo $(kubectl get secret reporting-secret -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) -o json | jq '.data["reporting-password"]' | sed 's/"//g' ) > reporting-secret-bkp
echo $(kubectl get secret acs-secret-db -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) -o json | jq '.data["dbuser-pwd"]' | sed 's/"//g' ) > acs-db-secret-bkp
echo $(kubectl get secret acs-svc-secret -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) -o json | jq '.data["acs-svc-password"]' | sed 's/"//g' ) > acs-svc-secret-bkp

Restoring Backed-Up Fusion Secrets

To restore previously backed-up Fusion secrets after you redeploy Fusion, complete the following steps:

  1. Locate the secrets that you backed up previously.

  2. To restore the secrets, run the following commands:

    export RETHINK_SECRET=$(cat rethink-secret-bkp); echo $(kubectl get secret rethink-secret -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) -o json | jq '.data["rethink-password"]=env.RETHINK_SECRET' | kubectl apply -f -)
    export REPORTING_SECRET=$(cat reporting-secret-bkp); echo $(kubectl get secret reporting-secret -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) -o json | jq '.data["reporting-password"]=env.REPORTING_SECRET' | kubectl apply -f -)
    export ACS_DB_SECRET=$(cat acs-db-secret-bkp); echo $(kubectl get secret acs-secret-db -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) -o json | jq '.data["dbuser-pwd"]=env.ACS_DB_SECRET' | kubectl apply -f -)
    export ACS_SVC_SECRET=$(cat acs-svc-secret-bkp); echo $(kubectl get secret acs-svc-secret -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) -o json | jq '.data["acs-svc-password"]=env.ACS_SVC_SECRET' | kubectl apply -f -)